CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-8655
Critical

Multiple memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway can lead to unpredictable or erroneous behavior and Denial of Service (DoS). The vulnerability occurs when NetScaler ADC is configured as an Oracle load balancer, DNS proxy, or DNS recursive resolver.

CVE-2026-8452
Critical

A memory overflow vulnerability in NetScaler ADC and NetScaler Gateway can lead to unpredictable or erroneous behavior and Denial of Service (DoS) if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

CVE-2026-8451
High

Insufficient input validation in NetScaler ADC and NetScaler Gateway leads to memory overread when the device is configured as a SAML IDP.

CVE-2026-8403
Medium

A stored cross-site scripting (XSS) vulnerability was found in Eksagate SYSGUARD 6001 due to improper input neutralization during web page generation. It affects versions from 2.0.2 up to (but not including) 6.1.4.0. The vendor was contacted and confirmed the product is no longer supported.

CVE-2026-6556
Critical

In @fastify/express versions 4.0.6 and earlier, plugin prefixes are not applied to middleware mount paths when they are arrays or regular expressions. Consequently, middleware registered this way is not executed for requests to prefixed routes, allowing security mechanisms to be bypassed.

CVE-2026-58374
Medium

In hostapd before version 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame with a malformed Multi-Link Element or Per-STA Profile subelement. In hostapd_process_ml_assoc_req() in src/ap/ieee802_11_eht.c, the received link_id field can be parsed as value 15, but the corresponding links[] storage only has valid entries for lower link IDs (0 through 14), causing an out-of-bounds write and small memory corruption before the 4-way handshake.

CVE-2026-58116
Critical

LLaMA-Factory through version 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with a hardcoded trust_remote_code=True parameter, causing the Hugging Face transformers library to fetch and execute arbitrary code from a remote or local model repository with the privileges of the server process.

CVE-2026-58016
High

A flaw was found in GLib where a state confusion issue in g_dbus_node_info_new_for_xml() when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>, can cause an unsigned integer overflow and out-of-bounds read, leading to a denial of service.

CVE-2026-58015
Medium

A flaw was found in GLib's D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism. The cookie_context parameter received from the server is not validated, allowing a malicious D-Bus server to supply path traversal sequences. This enables the client to read arbitrary files and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

CVE-2026-58014
High

An off-by-one error was found in GLib's g_key_file_get_locale_string_list function in gkeyfile.c when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.

CVE-2026-58013
Medium

A flaw was found in GLib where a buffer over-read occurs in g_io_channel_read_line_backend() in giochannel.c when a custom line terminator longer than one byte is set, causing memcmp to read past the GString buffer. This vulnerability can lead to minor information disclosure of 7 bytes or denial of service if the over-read crosses a page boundary.

CVE-2026-58012
Medium

A flaw was found in GLib where a buffer over-read occurs in the g_regex_replace function when using the G_REGEX_RAW compile flag and case-change replacement escapes. The string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This can lead to minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.

CVE-2026-58011
Medium

A flaw was found in GLib where an out-of-bounds read of 2 bytes occurs in the g_date_time_get_ymd function in glib/gdatetime.c when processing an invalid GDateTime object created by g_date_time_add_full. This can corrupt date output and cause logic errors.

CVE-2026-58010
Medium

An off-by-one error was found in GLib in the gvs_tuple_is_normal function within glib/gvariant-serialiser.c. The bounds check uses > instead of >=, causing an out-of-bounds read of one byte during alignment padding checks. This flaw can lead to minor information disclosure of one byte and denial of service if the read crosses a page boundary.

CVE-2026-53433
High

A vulnerability in fzf's --listen mode causes a Denial of Service (DoS) due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity (O(n²)). A crafted POST request with many small segments can trigger excessive CPU usage, monopolizing the single-threaded HTTP server and blocking all other clients.

CVE-2026-53432
High

An integer overflow vulnerability was discovered in the fzf tool within the FuzzyMatchV2 function. When the input line length is approximately 2,200,000 bytes and the pattern length is 999 bytes, an overflow occurs, leading to invalid slice bounds. The Go runtime detects this and immediately terminates the process with a non-recoverable panic.

CVE-2026-4629
Medium

A flaw was found in Keycloak where a user with `manage-clients` permission can inject a hardcoded role mapper into any client. This bypasses scope restrictions and adds the `realm-admin` role to tokens, leading to privilege escalation and full administrative access to the realm.

CVE-2026-47105
Unknown

CVE-2026-47105 has been rejected or withdrawn by its CVE Numbering Authority. It contains no vulnerability information.

CVE-2026-44946
High

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person-in-the-middle attacks. Affects Rancher 2.14.0 before 2.14.3.

CVE-2026-14209
Medium

A vulnerability in Keycloak's Admin UI allows administrators with limited permissions to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an admin who can only search for users can use the 'brute-force-user' endpoint to access full user profiles, including sensitive information and security metadata. The issue is due to missing permission checks for the 'view' right on this specific search path.

PreviousPage 94 of 4485Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS